Lucene search

[email protected]CVE-2010-3702

HistoryNov 05, 2010 - 6:00 p.m.

CVE-2010-3702

2010-11-0518:00:05

CWE-476

[email protected]

web.nvd.nist.gov

cve-2010-3702

pdf parser

xpdf

poppler

cups

kdegraphics

denial of service

uninitialized pointer dereference

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Affected configurations

NVD

Node

applecupsRange≤1.3.11

freedesktoppopplerRange0.8.7–0.15.1

xpdfreaderxpdfRange≤3.01

xpdfreaderxpdfMatch3.02-

xpdfreaderxpdfMatch3.02pl1

xpdfreaderxpdfMatch3.02pl2

xpdfreaderxpdfMatch3.02pl3

xpdfreaderxpdfMatch3.02pl4

Node

fedoraprojectfedoraMatch12

fedoraprojectfedoraMatch13

fedoraprojectfedoraMatch14

Node

opensuseopensuseMatch11.1

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

suselinux_enterprise_serverMatch9

suselinux_enterprise_serverMatch10sp3-

suselinux_enterprise_serverMatch11-

suselinux_enterprise_serverMatch11sp1

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_workstationMatch5.0

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

CPENameOperatorVersion
apple:cupsapple cupsle1.3.11
freedesktop:popplerfreedesktop popplerle0.15.1
xpdfreader:xpdfxpdfreader xpdfle3.01
xpdfreader:xpdfxpdfreader xpdfeq3.02

CPE	Name	Operator	Version
apple:cups	apple cups	le	1.3.11
freedesktop:poppler	freedesktop poppler	le	0.15.1
xpdfreader:xpdf	xpdfreader xpdf	le	3.01
xpdfreader:xpdf	xpdfreader xpdf	eq	3.02

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch

cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

rhn.redhat.com/errata/RHSA-2012-1201.html

secunia.com/advisories/42141

secunia.com/advisories/42357

secunia.com/advisories/42397

secunia.com/advisories/42691

secunia.com/advisories/43079

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720

www.debian.org/security/2010/dsa-2119

www.debian.org/security/2010/dsa-2135

www.mandriva.com/security/advisories?name=MDVSA-2010:228

www.mandriva.com/security/advisories?name=MDVSA-2010:229

www.mandriva.com/security/advisories?name=MDVSA-2010:230

www.mandriva.com/security/advisories?name=MDVSA-2010:231

www.mandriva.com/security/advisories?name=MDVSA-2012:144

www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html

www.openwall.com/lists/oss-security/2010/10/04/6

www.redhat.com/support/errata/RHSA-2010-0749.html

www.redhat.com/support/errata/RHSA-2010-0750.html

www.redhat.com/support/errata/RHSA-2010-0751.html

www.redhat.com/support/errata/RHSA-2010-0752.html

www.redhat.com/support/errata/RHSA-2010-0753.html

www.redhat.com/support/errata/RHSA-2010-0754.html

www.redhat.com/support/errata/RHSA-2010-0755.html

www.redhat.com/support/errata/RHSA-2010-0859.html

www.securityfocus.com/bid/43845

www.ubuntu.com/usn/USN-1005-1

www.vupen.com/english/advisories/2010/2897

www.vupen.com/english/advisories/2010/3097

www.vupen.com/english/advisories/2011/0230

bugzilla.redhat.com/show_bug.cgi?id=595245

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2010-3702

veracode1 nessus70 oraclelinux9 openvas67 prion1 redhat9 ubuntucve1 nvd1 debiancve1 centos8 cvelist1 securityvulns2 osv1 debian2 fedora6 altlinux4 ubuntu1 slackware2 gentoo2 freebsd1